FreeBSD - a lesson in poor defaults?

[Simon Krenz]

IMHO I can agree with most of the statements written down in this text. I can not understand why I need ntpd or sendmail activated in default installations. If I want to setup a time server or a mail server with further abilities I can install them later on. Most of the installations don't need such features. I don't think that the majority of servers do need threaded AES-CTR or NONE ciphers also. For me a installation should be a minimum set of features and a secure one as well. For all further things I need to know what I want and can install them. This has nothing to do with:

>If you need hardening, you should always check and know your system.

because also if you don't need hardening you should always check and know your system.

>I assume the virgin installed system will be ready to be remotely
>configured (e.g. sshd running, no firewall).


This will be as well with minimum sshd configuration and firewall activated.

>If we can assume that this About blob from the FreeBSD site is it’s mission statement: “””” >https://www.freebsd.org/about.html What is FreeBSD? FreeBSD is an operating system for a variety of >platforms which focuses on features, speed, and stability. It is derived from BSD, the version of >UNIX® deve…

And thats the problem, there is no word about security in this mission statement, but maybe it should be there in the actual word.

Just my 2 cents